Privacy & Cyber Security Services Group
The combination of privacy, cyber security and data breach represents one of the most rapidly evolving areas of the law and a significant concern facing businesses of all types in an ever-increasing digital world. From financial services companies and multinational corporations, to smaller local businesses, and just about everything in between, privacy and information security must be at the forefront of any company’s business plans and strategic objectives. At SGK, our Privacy & Cyber Security Services Group offers comprehensive legal services to the widest range of business entities to address these complex and evolving issues. We use a multi-disciplinary approach within the firm to identify and minimize potential exposure that could result from a data breach or the legal exposure from regulators for having inadequate information security programs. Our Privacy & Cyber Security Services team includes attorneys who are highly experienced in data security and privacy, litigation, cyber insurance coverage, human resources and business counselling, to provide a holistic approach to representation in all areas related to cyber security and privacy.
Data Breach Response Plans
The best time to prepare for a data breach is before it happens. The multifaceted skill sets of the SGK attorneys in this practice group can assist our clients by developing meaningful and regulatory-compliant data breach response plans. These plans include formulating information security policies appropriate to the business, and advising and assisting with configuring detailed information security programs to implement the business’s policy, along with corresponding training, disaster recovery plans, audit standards, and appropriate crisis management plans. Our team monitors and analyzes applicable federal and state law, as well as emerging international standards, to ensure that the most up-to-date, comprehensive and compliant data security programs are integrated into the client’s business. We work to identify and minimize potential exposure resulting from potential or actual data breaches, while making sure the programs are “right sized” for the particular client and the client’s unique needs and risk profile.
In this regard, cyber security and privacy matters are no longer the sole domain of financial institutions or health care practices. The law continues to rapidly evolve and expand its reach on both a national and international level to encompass all types of industries which have not historically been targeted. These evolving threats to data of all types and the complex legal requirements extend to almost any type of business that transacts in, or stores and transmits, data, including data on customers, employees’ HR data that may be stored or transmitted across affiliate lines, or data stored by or transmitted to subcontractors and vendors, among other scenarios.
Data Breach Crisis Assistance
In the event of a data breach or threatened breach, our Privacy & Cyber Security Services Group provides clients a multi-disciplined approach to rapidly and efficiently coordinate a breach response in order to effectively curtail and mitigate the legal and reputational impacts and the corresponding exposure to the client and its customers. Our veteran professionals provide critical aid to the client during this emergency, helping to craft legally sufficient client notifications when required, working with the client’s employees to develop answers to the most commonly asked questions that impacted customers may ask, and acting as a medium through which the client may interact with various state or federal agencies, regulators and investigators, or the press. In a data breach crisis event, where every hour counts and customer interaction is of the utmost importance, SGK’s clients can rely on our team’s distinctive combination of client familiarity and resourceful experience.
Upon resolution of the crisis event, the Privacy & Cyber Security Services Group of SGK can quickly pivot to address any affirmative ongoing action a client may need to take to protect its customers’ interests, or prepare to vigorously defend a suit or threatened suit or regulatory action. We can effectively position our clients to take the most advantageous strategic position, never losing sight of the client’s business needs.
Emerging Privacy Legal Requirements
- Performing risk assessments, and inventories of systems, devices and data
- Creating compliant Privacy Policies for client websites
- Developing Information Security Programs designed to fit the unique needs and risk profile of the client and its business
- General counselling relating to cyber security, data protection and privacy laws, including:
  - Gramm-Leach-Bliley (GLB)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - The Federal Trade Commission (FTC) Act
  - Industry-specific requirements for financial services, health care, utilities, transportation, education, and government contractors; and
  - State data breach notice laws
- Assessing existing information security programs with recommendations to update and expand to cover wider types of data requiring protection
- Developing Disaster Recovery Plans (DRP) tailored to the size and risk profile of the client
- Representing financial institutions in connection with major credit card data breaches and recovering costs associated with the breach from the Card Associations and the merchant
- Developing comprehensive privacy and data security training for a major financial institution and rolling out wide-scale client training across the enterprise
- Investigating data breach threats and developing mitigation strategies, including dealing with law enforcement, insurers, public relations, and stakeholders
- Bringing the right team of professionals across different disciplines together, including IT resources and forensic analysts to assist in data breach response activities
- Additionally, in business transactions where data is an element of ownership:
  - Optimizing ownership, rights and monetization of data
  - Securing data rights in licenses and other transactions
  - Due diligence on data management/compliance in M&A and other key transactions; and
  - Negotiating key provisions pertaining to data protection and disaster recovery in agreements that include cloud services, software as a service (SaaS), hosting and other agreements.
With the experience of the Privacy & Cyber Security Services Group of SGK available to assist in protecting the most critical data of its clients, there is no reason to go it alone when building an increasingly needed plan of information protection. SGK’s Privacy & Cyber Security Services Group is a key member of the planning and response team for cyber security threats and incidents.